WazirX, a leading cryptocurrency exchange in India, has concluded its preliminary investigation into the recent cyber-attack on its multi-signature Ethereum wallet.
After the investigation, the exchange asserted that it found no evidence that its signers’ devices were compromised. This finding comes after a thorough forensic analysis conducted in response to the attack earlier this month.
The exchange initially blamed its custody service provider, Liminal, for the breach. According to WazirX, the hack stemmed from an issue with Liminal’s user interface.
However, Liminal’s investigation report, released on July 19, countered this claim. The report indicated that their infrastructure remained secure and suggested that compromised hardware wallets were the likely cause.
Meanwhile, WazirX’s continued forensic efforts have not revealed any signs of malware or tampering on its signers’ devices.
The hacked wallet, which required signatures from three WazirX signers and one from Liminal, had its legitimate transactions signed by devices located in different places. All of these devices had access to Liminal’s authentic website.
The hardware wallets did not detect any new connection requests, affirming the website’s legitimacy during the attack.
Despite the stringent security measures in place, including multi-signature protocols, the attacker used legitimate signatures. This implies a deeper issue, possibly within Liminal’s system.
The exchange has outlined two primary scenarios that could explain this breach. WazirX considers the first scenario more likely: a direct compromise within Liminal’s infrastructure resulting in malicious transactions originating from their system.
The use of whitelisted addresses and the absence of new connection requests to hardware wallets support this hypothesis.
The second scenario suggests a compromise of WazirX signers’ devices, potentially through malware. However, the team found no preliminary evidence to back up this suspicion.
For that scenario to work, the attacker would still have had to obtain the final signature required for the transactions by breaching Liminal’s firewall.
WazirX believes that the attack did not begin with its servers, thereby making Liminal’s security protocols a likely suspect.
The attack, which occurred on July 18, resulted in the theft of roughly 45% of WazirX’s crypto assets, prompting the exchange to temporarily halt its operations. WazirX assured its users that their multi-signature wallet and all fiat currency deposits would not be affected.
In response to the incident, WazirX is actively cooperating with relevant authorities and exploring partnerships to restore operations and compensate affected users.
Meanwhile, cybersecurity experts speculate that the notorious North Korean Lazarus Group might have been involved in this breach.
The suspicion rests on the group’s technical abilities and its sophisticated cyber-attacks on crypto exchanges and financial institutions.
The post WazirX Says Preliminary Investigation Found No Evidence of Compromised Machines appeared first on The Tech Report.